
Secure PHP Building 50 Practical Applications Development part 4 pot

Pages: 92
File size: 707.85 KB


Chapter 8

Intranet Simple Document Publisher

IN THIS CHAPTER

◆ Developing a simple intranet document publisher
◆ Installing the intranet document publisher
◆ Using the intranet document publisher

PUBLISHING DOCUMENTS ON THE WEB or on the intranet is a major task due to the complexity of the documents and how organizations manage their workflow. In this chapter, we’ll develop a simple document publishing tool that is available to all users on the intranet and handles HTML documents only. Because most office word-processing applications these days can save files as HTML, this opens up the publisher to most organizations.

Let’s look at the functionality requirements that this document publishing system will meet.

Identifying the Functionality Requirements

The document publisher will offer each user on the intranet the following:

◆ Web forms to create new documents: The Web form accepts both text and HTML data. However, the publisher itself does not support formatting. In other words, if a user wants to paste the contents of a Word document into the publisher form, she should save the Word document as an HTML file and copy the HTML contents instead of the text shown in Word’s WYSIWYG editor. If text documents are to be submitted, a simple trick is needed to maintain formatting, which is discussed in the “Adding a new document” section later in this chapter.
◆ Easy and simple category-based document organization: Each document is published in a category. There can be only a single level of categories. Each category will have a defined set of users who can view documents and a defined set of publishers (i.e. users who can create/modify/delete documents).
◆ User-level access control for viewing and creating documents: Users can have view or publish (creation/modification/deletion) rights. Multiple users can have view or publish rights per category.
◆ Automated announcements for document availability and updates: When new documents are created, the users with view and publish rights are shown an MOTD announcement when they log in to the intranet. When an existing document is modified or removed, the appropriate users also are notified via MOTD. This notification is very useful because an important document change notice can be sent automatically to the appropriate users who need to know about the changes. In fact, users will have to acknowledge that they know about the changes by clicking the OK button of the MOTD document change notice message, which is displayed on their home pages.

Let’s take a quick look at the prerequisites of such a publishing system.

The Prerequisites

This document publishing system builds on the intranet classes discussed in the previous chapters in this part of the book. For example, it uses the MOTD class (Chapter 6) to announce new documents and updates.

The applications that we develop here require the central login/logout applications (Chapter 5), user-management applications (Chapter 6), and the intranet home applications (Chapter 7). In addition, administrative intranet users, who are defined in the intranet user table discussed in Chapter 6, are given full access to all aspects of the document and category management in this publishing tool.

Now let’s look at the database design and implementation needed for creating this document publishing system.

Designing the Database

When designing the database for the document publisher we have to consider the following data requirements:

◆ There will be multiple categories. Each category will have a list of users who can view documents in that category. Each category will also have a list of users who can publish documents in that category. So a category has many viewers and publishers.
◆ In each category there will be many documents. Each document will have tracking information and responses. Therefore each document has many tracking and response records.

Based on these requirements, we can create the database relationships shown in Figure 8-1. Here the LD_CATEGORY table has a one-to-many relationship with the LD_DOCUMENT table because each category can have many documents. Similarly, LD_CATEGORY has one-to-many relationships with the LD_CAT_VIEWER (viewer list) and LD_CAT_PUBLISHER (publisher list) tables. Since each document in the LD_DOCUMENT table has many tracking and response records, it has one-to-many relationships with the LD_TRACK (tracking data) and LD_RESPONSE (response data) tables.

Figure 8-1: Intranet document publisher database diagram.

Table 8-1 describes each table in the database.

TABLE 8-1 DOCUMENT PUBLISHER DATABASE TABLES

| Table | Description |
|---|---|
| LD_CATEGORY | This table is the integral part of this database. It holds the category number (CAT_ID), which is automatically generated by the database, and the category name (CAT_NAME), description (CAT_DESC), and order (CAT_ORDER). |
| LD_CAT_PUBLISHER | Contains the category publisher information: the category number (CAT_ID) and the ID of the publisher who can publish documents in that category (PUBLISHER_ID). |
| LD_CAT_VIEWER | Holds the category viewer information: the category number (CAT_ID) and the viewer ID of the user who can view documents in that category (VIEWER_ID). |
| LD_DOCUMENT | Holds information about the document: the doc ID (DOC_ID), which is automatically generated when a new document is added to a category; the category number (CAT_ID) in which the document will be published; and the document heading (HEADING), body (BODY), and publishing date (PUBLISH_DATE). |
| LD_RESPONSE | Contains response(s) to a document published in a category. Each response consists of an ID (RESPONSE_ID), responder (RESPONDER), subject (SUBJECT), rate of the document (RATE), comment by the responder (COMMENT), document ID (DOC_ID), and time of response (RESPONSE_TS). |
| LD_TRACK | Stores information about when and who viewed the document. It contains the ID (DOC_ID) of the document that has been viewed, the ID (UID) of the user who viewed the document, and the time when the document was visited by the user (VISIT_TS). |

I have provided the necessary SQL to create the document publisher database in the ch8/sql/ld_tool.sql file in the CDROM. You can create the database on your MySQL server using this file as follows:

    mysql -u root -p -D INTRANET < ld_tool.sql

Make sure you change the user name (root) to whatever is appropriate for your system.

The Intranet Document Application Classes

With the intranet document publisher database designed, it’s time to look at the PHP classes needed to implement the application. Figure 8-2 shows the system diagram for the publisher.

As shown in the system diagram, there are three new objects (Category, Doc, and Response) that are needed to implement the intranet document publisher. Let’s discuss the classes that will provide these objects for your applications.

Figure 8-2: Intranet document publisher system diagram.

The Category class

The Category class is used to manipulate each category. It allows an application to create, modify, and delete a category. The ch08/apps/class/class.Category.php file in the CDROM is an implementation of this class. This class uses the following methods:

◆ Category(): This is the constructor method. It performs the following functions:
  ■ Sets the object variable cat_tbl to $LD_CATEGORY_TBL, which is loaded with the category table name (LD_CATEGORY) from the ld.conf file.
  ■ Sets the object variable doc_tbl to $LD_DOC_TBL, which is loaded with the document table name (LD_DOCUMENT) from the ld.conf file.
  ■ Sets the object variable cat_pub_tbl to $LD_CAT_PUB_TBL, which is loaded with the category publisher table from the ld.conf file.
  ■ Sets the object variable cat_view_tbl to $LD_CAT_VIEW_TBL, which is loaded with the category viewer table name from the ld.conf file.
  ■ Sets the object variable dbi to point to the class.DBI.php-provided object that is passed to the constructor by an application. The dbi member variable holds the DBI object that is used to communicate with the back-end database.
  ■ Sets the object variable CAT_ID to the given category ID (if any).
  ■ Sets the object variable std_fields, which is an array that contains the LD_CATEGORY table attributes and their data type.
◆ loadCatInfo(): This method loads all attribute values into the category object from the LD_CATEGORY table by the specified category IDs. This is how it works:
  ■ setCatID() is called to set the passed category ID to the current object. If no category ID is passed, the current $this->cid is taken.
  ■ The $this->dbi object is used to retrieve all the attribute values of the given category from the LD_CATEGORY table.
  ■ Each of the values is set to the current object so that they can be retrieved at any time using the other get methods of this class. For example $this->CAT_NAME is set to the value of the CAT_NAME of the given category.
◆ getCategoryIDbyName(): This method returns the category ID for the given category name. It works as follows:
  ■ It takes the category name as parameter.
  ■ The category name is quoted using the quote() method of the $this->dbi object and inserted into the SQL statement, which is needed to retrieve the category ID.
  ■ The query executes, and the resultant category ID is returned. If no result is found, it returns null.
◆ getCategories(): This method returns all the category names along with their IDs from the LD_CATEGORY table. This is how it works:
  ■ It executes a SQL query to retrieve all the field values of the LD_CATEGORY table ordered by descending CAT_ORDER.
  ■ The result is stored in an array that contains the category ID and name.
  ■ It returns the prepared array (or null, if the result set is empty).
◆ getPublishers(): This method returns the publisher IDs for a given category. This is how it works:
  ■ It calls setCatID() to set the passed category ID.
  ■ It executes a SQL query that retrieves all the publisher IDs from the LD_CAT_PUBLISHER table for the given category ID.
  ■ It stores the result of the execution in an array (unless the result set is empty), and returns the array. It returns null if the result set is empty.
◆ getViewers(): This method returns the viewer IDs for a given category. It works as follows:
  ■ It calls setCatID() to set the passed category ID.
  ■ It executes a SQL query that retrieves all the viewer IDs from the LD_CAT_VIEWER table for the given category ID.
  ■ It stores the result of the execution in an array (unless the result set is empty), and returns the array. It returns null if the result set is empty.
◆ addCategory(): This method adds a new category into the LD_CATEGORY table. Category name, category ID, category order, and description are passed in an associative array as a parameter to the method.
It works as follows:
  ■ The SQL statement is prepared using the $this->std_fields array that contains all the attributes of the LD_CATEGORY table and the values from the associative array that has been passed as parameter.
  ■ The values of the parameter are formatted using the quote() method of the $this->dbi object.
  ■ After executing the SQL statement, the newly added category’s CAT_ID is retrieved using another SQL statement.
  ■ If the insertion query is successful, this method returns the category ID of the newly added category. Otherwise, it returns FALSE.
◆ modifyCategory(): This method updates category information for a given category. Update information is passed in an associative array as a parameter to this method. It works as follows:
  ■ The SQL statement is prepared using the $this->std_fields array that contains all the attributes of the LD_CATEGORY table and the values from the associative array that has been passed as parameter.
  ■ The values of the parameter are formatted using the quote() method of the $this->dbi object.
  ■ If the update query is successful, this method returns TRUE. Otherwise, it returns FALSE.
◆ updateCategoryOrders(): This method updates the orders of the categories. It takes an array of category IDs and new orders and assigns the new order to each category. This is how it works for each category:
  ■ It updates the category by assigning it a temporary value (-1). This is done to avoid having the same order for two categories, which would prevent the query from executing, because the ORDER attribute is unique.
  ■ After assigning the temporary value, the category is updated with the new order value for it.
  ■ The method returns TRUE upon successful update. Otherwise, it returns FALSE.

| Method | Description |
|---|---|
| setCatID() | Sets the category ID of the category object. It takes a non-empty category ID as the parameter. |
| getCategoryName() | Returns the name of the category object from the LD_CATEGORY table. It calls loadCatInfo() to set all the field properties of the class and then returns $this->CAT_NAME. |
| getCategoryOrder() | Returns the order of the category object from the LD_CATEGORY table. It calls loadCatInfo() to set all the field properties of the class and then returns $this->CAT_ORDER. |
| getCategoryDesc() | Returns the description of the category object from the LD_CATEGORY table. It calls loadCatInfo() to set all the field properties of the class and then returns $this->CAT_DESC. |
| getHighestOrder() | Returns the highest order of the LD_CATEGORY table. |
| deleteCategory() | Deletes the category from the database. It deletes all data related to the category from the ld_tool database. It takes the category ID as a parameter and returns TRUE or FALSE depending on the status of the deletion operation. |
| deleteDocsByCatID() | Deletes all document records related to a category. It takes category ID as a parameter and returns TRUE or FALSE depending on the status of the deletion operation. |
| deleteCategoryViewers() | Deletes all viewer records related to a category. It takes category ID as a parameter. |
| deleteCategoryPublishers() | Deletes all publisher records related to a category. It takes category ID as a parameter. |
| isViewable() | Determines if a category is viewable by a specific viewer. It takes category ID and user ID as parameters and returns TRUE if the user is authorized to view documents under the given category; otherwise, it returns FALSE. |
| isPublishable() | Determines if the given publisher is allowed to publish in a specific category. It takes category ID and user ID as parameters and returns TRUE if the user is authorized to publish documents under the given category; otherwise, it returns FALSE. |
| addCategoryPublishers() | Adds publishers to a specific category. It takes category ID and user IDs as parameters and returns TRUE upon successful insertion of the data. It returns FALSE if it fails to add the publishers for the category. |
| addCategoryViewers() | Adds viewers to a specific category. It takes category ID and user IDs as parameters and returns TRUE upon successful insertion of the data. It returns FALSE if it fails to add the viewers for the category. |

The Doc class

The Doc class provides the doc object, which is used to manipulate documents. It allows publishers to create and delete documents. The ch08/apps/class/class.Doc.php file in the CDROM is an implementation of this class. The following are the methods available in this class:

◆ Doc(): This is the constructor method, which performs the following tasks:
  ■ Sets the object variable cat_tbl, which holds the category table name, to $LD_CATEGORY_TBL, which is loaded from the ld.conf file.
  ■ Sets the object variable doc_tbl, which holds the LD_DOCUMENT table name, to $LD_DOC_TBL, which is loaded from the ld.conf file.
  ■ Sets the object variable resp_tbl, which holds the response table name, to $LD_RESPONSE_TBL, which is loaded from the ld.conf file.
  ■ Sets the object variable track_tbl, which holds the track table name, to $LD_TRACK_TBL, which is loaded from the ld.conf file.
  ■ Sets an object variable called std_fields, which is an array that contains the LD_DOCUMENT table attributes and their data type.
  ■ Sets an object variable called fields, which holds a comma-separated list of fields from the std_fields set earlier.
  ■ Sets the object variable dbi to point to the class.DBI.php-provided object, which is passed to the constructor by an application. The dbi member variable holds the DBI object that is used to communicate with the back-end database.
  ■ Calls setDocID() to set the document ID of the object.
◆ loadDocInfo(): This method loads all attribute values into the document object from the LD_DOCUMENT table by the specified document ID. This is how it works:
  ■ setDocID() is called to set the passed document ID to the current object. If no document ID is passed, the current object’s document ID is taken.
  ■ The $this->dbi object is used to retrieve all the attribute values of the given document from the LD_DOCUMENT table.
  ■ Each of the values is set to the current object so that they can be retrieved at any time using the other get methods of this class. For example $this->DOC_NAME is set to the value of the DOC_NAME of the given document. This method sets all the attributes such as document ID, category number, heading, body of the document, and publish date for a given document.
◆ addDoc(): This method adds new documents to the database. Attributes such as document ID, category number, heading, body of the document, and publish date are passed in an associative array as parameters to this method. It works as follows:
  ■ The SQL statement is prepared using the $this->std_fields array that contains all the attributes of the LD_DOCUMENT table and the values from the associative array that has been passed as parameter.
  ■ The values of the parameter are formatted using the quote() method of the $this->dbi object.
  ■ After executing the SQL statement, the newly added document’s DOC_ID is retrieved using another SQL statement.
  ■ If the insertion query is successful, this method returns the category ID of the newly added category. Otherwise, it returns FALSE.

[...]
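The per-category rights that isViewable() and isPublishable() decide, together with the full access given to administrative users, can be enforced as a default-deny lookup with bound parameters. The following is an added example, not the book's class.Category.php or class.Doc.php: table and column names come from Table 8-1, while the CategoryAcl class, the viewDocument() helper, the PDO/SQLite setup (PHP 8 assumed), the administrator ID list and the sample rows are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added illustration; names other than the Table 8-1 tables/columns are hypothetical.
final class CategoryAcl
{
    // Identifiers come from this fixed map, never from request input.
    private const TABLES = [
        'view'    => ['LD_CAT_VIEWER', 'VIEWER_ID'],
        'publish' => ['LD_CAT_PUBLISHER', 'PUBLISHER_ID'],
    ];

    /** @param int[] $adminIds administrative intranet users (assumed to be loaded elsewhere) */
    public function __construct(private PDO $db, private array $adminIds = []) {}

    public function isViewable(int $catId, int $uid): bool
    {
        return $this->allowed('view', $catId, $uid);
    }

    public function isPublishable(int $catId, int $uid): bool
    {
        return $this->allowed('publish', $catId, $uid);
    }

    private function allowed(string $right, int $catId, int $uid): bool
    {
        if (in_array($uid, $this->adminIds, true)) {
            return true; // administrators get full access, as the chapter states
        }
        [$table, $col] = self::TABLES[$right];
        $stmt = $this->db->prepare("SELECT 1 FROM $table WHERE CAT_ID = ? AND $col = ? LIMIT 1");
        $stmt->execute([$catId, $uid]); // values are bound, not concatenated
        return $stmt->fetchColumn() !== false; // no matching row means deny
    }
}

// Returns the document only if the user may view its category, and records the visit.
function viewDocument(PDO $db, CategoryAcl $acl, int $docId, int $uid): ?array
{
    $stmt = $db->prepare('SELECT CAT_ID, HEADING, BODY FROM LD_DOCUMENT WHERE DOC_ID = ?');
    $stmt->execute([$docId]);
    $doc = $stmt->fetch(PDO::FETCH_ASSOC);
    // The category is taken from the stored document, not from a request parameter.
    if ($doc === false || !$acl->isViewable((int) $doc['CAT_ID'], $uid)) {
        return null; // same answer for "missing" and "not authorized"
    }
    $db->prepare('INSERT INTO LD_TRACK (DOC_ID, UID, VISIT_TS) VALUES (?, ?, ?)')
       ->execute([$docId, $uid, time()]);
    return $doc;
}

// Constructed sample data in an in-memory SQLite database (the book uses MySQL).
$db = new PDO('sqlite::memory:');
$db->exec("CREATE TABLE LD_CAT_VIEWER (CAT_ID INTEGER, VIEWER_ID INTEGER);
           CREATE TABLE LD_CAT_PUBLISHER (CAT_ID INTEGER, PUBLISHER_ID INTEGER);
           CREATE TABLE LD_DOCUMENT (DOC_ID INTEGER PRIMARY KEY, CAT_ID INTEGER, HEADING TEXT, BODY TEXT);
           CREATE TABLE LD_TRACK (DOC_ID INTEGER, UID INTEGER, VISIT_TS INTEGER);
           INSERT INTO LD_CAT_VIEWER VALUES (1, 10);
           INSERT INTO LD_CAT_PUBLISHER VALUES (1, 20);
           INSERT INTO LD_DOCUMENT VALUES (100, 1, 'Travel policy', '<p>Sample body</p>');");

$acl = new CategoryAcl($db, [1]);                     // user 1 is an administrator (assumed)
var_dump($acl->isViewable(1, 10));                    // user 10 is listed as a viewer of category 1
var_dump($acl->isPublishable(1, 10));                 // user 10 is not listed as a publisher
var_dump(viewDocument($db, $acl, 100, 30) === null);  // user 30 is listed nowhere
var_dump(viewDocument($db, $acl, 100, 1)['HEADING']); // administrator reads the document
var_dump((int) $db->query('SELECT COUNT(*) FROM LD_TRACK')->fetchColumn()); // visits recorded
```

Only the successful view adds an LD_TRACK row, so the tracking table records actual reads and a refused request leaves no false "viewed" entry.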
The Response class

The Response class provides the response object. The response object is used to manipulate response data. Applications can add or remove responses using the response object. The ch08/apps/class/class.Response.php file in the CDROM is an implementation of this class.

Following are the response class methods:

... delete all data related to the response from the database. It takes response ID as the parameter.

Setting up Application Configuration Files

Like all other applications we’ve developed in this book, the document publishing applications also use a standard set of configuration, message, and error files. These files are...

| Configuration Variable | Purpose |
|---|---|
| ... | ... specifically the DB module needed for class.DBI.php in our application framework. |
| $PHPLIB_DIR | Set to the PHPLIB directory, which contains the PHPLIB packages (specifically, the template.inc package needed for template manipulation). |
| $APP_FRAMEWORK_DIR | Set to our application framework directory. |
| $PATH | Set to the combined directory path consisting of $PEAR_DIR, $PHPLIB_DIR, and $APP_FRAMEWORK_DIR. This path... |

TABLE 8-2 LD.CONF VARIABLES (Continued)

| Configuration Variable | Purpose |
|---|---|
| ... | ... document index template file. |
| $LD_DETAILS_TEMPLATE | Name of the document details template file. |
| $LD_RESPONSE_TEMPLATE | Name of the document response entry form template file. |
| $LD_VIEW_RESPONSE_TEMPLATE | Name of the document response view template... |
... ‘/home/templates/themes’

The messages file

The messages displayed by the publisher applications are stored in the ch8/apps/ld.messages file in the CDROM. You can change the messages using a text editor.

The errors file

The error messages displayed by the document publishing applications are stored in the ch8/apps/ld.errors file in the...

... document announcement message to appropriate viewers using the addViewer() of the Message object.
  ■ If the document could not be added, a status message shows the failure notice.
◆ updateCategory(): This method is used to update a category in the database. It works as follows:
  ■ A new category object called $catObj...

... Enables users to create, modify, and delete documents
◆ Does not allow non-administrative users to create, modify, or delete categories

The ch8/apps/ld_admin_mngr.php file in the CDROM is an implementation of this application.

Here are the methods in this application:

◆ run(): When the application is run, this method is...

... called to add the viewer user list for the new category in the database table. A status message is shown using showStatusMessage() to inform the administrator about the successful creation of the category. Because the new category needs to be added to the navigation file used by the home.php application, generateCategoryNavigator()...
... MOTD

| Configuration Variable | Purpose |
|---|---|
| $LD_CATEGORY_NAV_DIR | The fully qualified path for the category navigation file. Ideally, you should set this to a path that is outside your Web document tree, and the files in this directory should have only read/write permissions for the Web server user which runs the PHP scripts... |

... user does not have publishing rights to the current category, the method returns FALSE. Otherwise, it returns TRUE.

The document index display application

The document index application, ld_mngr.php, shows document indexes for each category or all categories when the category is not specified. This application is included ...

Date posted: 13/08/2014, 12:21
